Fluid Attacks' scanners
Starting November 1, 2025, the Fluid Attacks full scanner will become deprecated in favor of the multiple standalone scanners.
Fluid Attacks offers several Docker images to perform security scans, which are described below.
These scanners can be seamlessly integrated into your development workflow, allowing you to perform security scans both locally and within your continuous integration and continuous delivery (CI/CD) pipeline.
Fluid Attacks' SAST scanner
fluidattacks/sast refers to the tool to perform SAST scans. (Available as a Docker container.)
For more information about SAST analysis, see what is SAST.
Fluid Attacks' SCA scanner
fluidattacks/sca refers to the tool to perform SCA scans. (Available as a Docker container.)
For more information about SCA analysis, see what is SCA.
Fluid Attacks' CSPM scanner
fluidattacks/cspm refers to the tool to perform CSPM scans. (Available as a Docker container.)
For more information about CSPM analysis, see what is CSPM.
Fluid Attacks' DAST scanner
fluidattacks/dast refers to the tool to perform DAST scans. (Available as a Docker container.)
For more information about DAST analysis, see what is DAST.
Fluid Attacks' APK security scanner
fluidattacks/apk refers to the tool to perform APK security scans. (Available as a Docker container.)
This scanner decompiles and searches vulnerabilities on APK files.
Fluid Attacks' full scanner
fluidattacks/cli refers to the general scanner tool. You can use it to perform SAST, SCA, DAST and CSPM scans as well as APK analysis. (Available as a Docker container.)
This image does not receive any updates since April, 2025. Please, migrate your existing flow to the specific scanner(s) required for your use case(s).